VYPR

CWE-611

Improper Restriction of XML External Entity Reference

Abstraction: Base | Status: Draft

Description

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
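The description above is abstract, so here is a worked illustration, added to this page and not part of the CWE entry or this site's own material. It uses Python's standard-library xml.sax parser (built on expat) to parse the same document three ways: with external general entities enabled, which is the CWE-611 condition and splices a local file into the parsed output; with them disabled, so the entity expands to nothing; and with any DOCTYPE rejected outright, which leaves no place to declare an entity at all. The helper names (TextCollector, DoctypeRejector, parse_text, xxe_payload, demo) and the throwaway "secret" file are constructed for the example.

```python
import io
import os
import tempfile
import xml.sax
from xml.sax import handler
from xml.sax.handler import ContentHandler


class TextCollector(ContentHandler):
    """Collects every character-data callback so we can see what the parser expanded."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)


class DoctypeRejector:
    """Lexical handler (hypothetical name) that aborts the parse as soon as a
    DOCTYPE appears. Without a DTD there is nowhere to declare an entity, so an
    external entity reference cannot even be expressed."""

    def startDTD(self, name, public_id, system_id):
        raise xml.sax.SAXException("DOCTYPE not allowed: %r" % name)

    # The remaining lexical-handler callbacks are deliberately no-ops.
    def endDTD(self):
        pass

    def comment(self, content):
        pass

    def startCDATA(self):
        pass

    def endCDATA(self):
        pass


def parse_text(xml_bytes, *, external_entities=False, allow_doctype=True):
    """Return the concatenated character data of xml_bytes.

    external_entities=True reproduces the CWE-611 condition: a SYSTEM entity is
    fetched from its URI (here a local file) and embedded in the output.
    allow_doctype=False is the defence-in-depth setting: any DTD is rejected.
    """
    parser = xml.sax.make_parser()
    # Set the feature explicitly on every parser instance instead of relying on
    # the library default (Python turned it off only in 3.7.1).
    parser.setFeature(handler.feature_external_ges, external_entities)
    if not allow_doctype:
        parser.setProperty(handler.property_lexical_handler, DoctypeRejector())
    collector = TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(collector.parts)


def xxe_payload(path):
    """Classic CWE-611 document: an external general entity pointing at a local file."""
    return (
        b'<?xml version="1.0"?>\n'
        b'<!DOCTYPE order [<!ENTITY xxe SYSTEM "' + path.encode() + b'">]>\n'
        b"<order><note>&xxe;</note></order>\n"
    )


def demo():
    """Write a throwaway file (constructed sample data, not a real secret) and
    parse the payload three ways. Returns (leaked, neutralised, rejected)."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as f:
        f.write("TOP-SECRET-TOKEN")
        path = f.name
    try:
        payload = xxe_payload(path)
        # 1. Vulnerable: the file's contents show up as the text of <note>.
        leaked = parse_text(payload, external_entities=True)
        # 2. External entities off: &xxe; resolves to the empty string.
        neutralised = parse_text(payload, external_entities=False)
        # 3. DOCTYPE prohibited: the parse is aborted before any entity is seen.
        try:
            parse_text(payload, external_entities=False, allow_doctype=False)
            rejected = False
        except xml.sax.SAXException:
            rejected = True
    finally:
        os.unlink(path)
    return leaked, neutralised, rejected


if __name__ == "__main__":
    leaked, neutralised, rejected = demo()
    print("vulnerable parser produced:", repr(leaked))
    print("entities disabled produced:", repr(neutralised))
    print("doctype prohibited, parse rejected:", rejected)
```

The choice to set the feature on each parser instance, rather than trusting a default, matters for the entries below: several of them (Spring, Tika, the HL7 FHIR libraries) are Java code built on JAXP/Xerces parsers that resolve external entities unless configured not to, and CVE-2018-11796 shows that even a configured parser can lose its settings when it is reset and reused. Prohibiting the DOCTYPE entirely, as the third mode does, also removes the internal-entity expansion ("billion laughs") vector that the Tika and PDF-XChange entries describe.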

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-221

CVEs mapped to this weakness (684)

page 10 of 35
  • CVE-2018-6670 | High | Jun 7, 2018
    risk 0.50 | cvss 7.6 | epss 0.01

    External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter.

  • CVE-2018-10613 | High | Jun 4, 2018
    risk 0.50 | cvss 7.5 | epss 0.18

    Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior.

  • CVE-2017-11272 | High | Aug 11, 2017
    risk 0.50 | cvss 7.5 | epss 0.13

    Adobe Digital Editions 4.5.4 and earlier has a security bypass vulnerability.

  • CVE-2014-0225 | High | May 25, 2017
    risk 0.50 | cvss 8.8 | epss 0.02

    When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.

  • CVE-2016-7459 | High | Dec 29, 2016
    risk 0.50 | cvss 7.7 | epss 0.02

    VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity…

  • CVE-2016-5851 | High | Dec 21, 2016
    risk 0.50 | cvss 8.8 | epss 0.02

    python-docx before 0.8.6 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted document.

  • CVE-2023-42346 | High | May 8, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Alkacon OpenCms before 16 allows XXE when the <!DOCTYPE> refers to an external host.

  • CVE-2024-13971 | High | Apr 30, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services.

  • CVE-2024-39847 | High | Apr 30, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services.

  • CVE-2024-2374 | High | Apr 16, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    The XML parsers within multiple WSO2 products accept user-supplied XML data without properly configuring to prevent the resolution of external entities. This omission allows malicious actors to craft XML payloads that exploit the parser's behavior, leading to the inclusion of…

  • CVE-2026-29924 | High | Mar 30, 2026
    risk 0.49 | cvss 7.6 | epss 0.00

    Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through the SVG file upload functionality in the admin panel and File Manager plugin.

  • CVE-2025-44044 | High | Jun 10, 2025
    risk 0.49 | cvss 7.5 | epss 0.00

    Keyoti SearchUnit prior to 9.0.0 is vulnerable to XML External Entity (XXE). An attacker who can force a vulnerable SearchUnit host into parsing maliciously crafted XML and/or DTD files can exfiltrate some files from the underlying operating system.

  • CVE-2024-52807 | High | Jan 24, 2025
    risk 0.49 | cvss 8.6 | epss 0.01

    The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.7.4, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag `( ]>` could produce…

  • CVE-2024-55887 | High | Dec 13, 2024
    risk 0.49 | cvss 8.6 | epss 0.01

    Ucum-java is a FHIR Java library providing UCUM Services. In versions prior to 1.0.9, XML parsing performed by the UcumEssenceService is vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host…

  • CVE-2024-52007 | High | Nov 8, 2024
    risk 0.49 | cvss 8.6 | epss 0.01

    HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. XSLT parsing performed by various components is vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag ( <!DOCTYPE foo [<!ENTITY example…

  • CVE-2024-45294 | High | Sep 6, 2024
    risk 0.49 | cvss 8.6 | epss 0.01

    The HL7 FHIR Core Artifacts repository provides the java core object handling code, with utilities (including validator), for the Fast Healthcare Interoperability Resources (FHIR) specification. Prior to version 6.3.23, XSLT transforms performed by various components are…

  • CVE-2024-45490 | High | Aug 30, 2024
    risk 0.49 | cvss 7.5 | epss 0.02

    An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.

  • CVE-2018-11796 | High | Oct 9, 2018
    risk 0.49 | cvss 7.5 | epss 0.07

    In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset() after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity…

  • CVE-2018-16303 | High | Sep 1, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564.

  • CVE-2018-13823 | High | Aug 30, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information.